Security update: The Heartbleed vulnerability

On April 7th 2014, a serious internet vulnerability “Heartbleed” was announced in the latest version of a software component ‘OpenSSL’ which is used to encrypt traffic on the majority of websites using SSL. The bug could allow others to intercept private data from affected servers.

It is estimated that this vulnerability affects over 66% of all secure internet websites, including many high profile websites such as Yahoo, eBay, Google and even your online banking.

At Skiddle we take your security very seriously. As soon as this vulnerability was announced, our security team patched our servers to remove the bug and also replaced all of our SSL certificates. Skiddle and all of our White Label websites are no longer affected by this bug. We have policies in place that all security patches are applied to our servers in a timely manner and follow or exceed industry best practices. We carry out vulnerability scans on our servers regularly and employ 3rd party penetration testers to verify our security. Skiddle had also implemented Forward Perfect Secrecy last year on most of its secure areas, which further reduces the risk.

Whilst there has not been any specific threat reported to our websites, we are treating it seriously and advise all our users to change their passwords as a precautionary measure. Although Skiddle is no longer vulnerable, other internet websites you use may be, so we strongly advise that you select a new password that is not in use on any other website.

You can change your members password here: https://www.skiddle.com/register/forgottenpassword.php

You can change your promoter’s password here: https://www.skiddle.com/promotion/recover-password.php

You can read more about the Heartbleed bug here:

You can also check if other websites you use are still vulnerable here: